19 matches found

EUVD
added 2026/06/12 2:26 p.m. | 5 views

EUVD-2026-36485

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_discussion" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...

CVSS 6.9 | AI score 5.2 | EPSS 0.00321
Exploits: 0 | References: 1
Cvelist
added 2026/06/12 2:26 p.m. | 23 views

CVE-2026-44208 Frappe: IDOR in `submit_discussion()`

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_discussion" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...

CVSS 6.9 | EPSS 0.00321
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/29 12:0 a.m. | 9 views

PT-2026-44889

XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket receive worker routine of simple_http_server.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of...

CVSS 5.1 | AI score 5.8 | EPSS 0.00125
Exploits: 0 | References: 5
CVE
added 2026/05/08 12:19 p.m. | 14 views

CVE-2025-69233

CVE-2025-69233 affects Apache CloudStack and describes time-of-check/time-of-use race conditions in the resource count check and increment logic, along with missing validations, that allow users to exceed allocation limits for accounts/domains. This can enable an attacker to degrade infrastructur...

CVSS 6.5 | AI score 5.7 | EPSS 0.00433
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2026/01/09 8:45 a.m. | 2 views

CVE-2025-40817

A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions, LOGO! 24CE 6ED1052-1CC08-0BA2 All versions, LOGO! 24CEo...

CVSS 7.1 | AI score 7 | EPSS 0.0024
Exploits: 0 | References: 1
NVD
added 2025/11/11 9:15 p.m. | 1 view

CVE-2025-40817

A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions, LOGO! 24CE 6ED1052-1CC08-0BA2 All versions, LOGO! 24CEo...

CVSS 7.1 | EPSS 0.0024
Exploits: 0 | References: 1
Cvelist
added 2025/11/11 8:20 p.m. | 3 views

CVE-2025-40817

A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions, LOGO! 24CE 6ED1052-1CC08-0BA2 All versions, LOGO! 24CEo...

CVSS 7.1 | EPSS 0.0024
Exploits: 0 | References: 1
EUVD
added 2025/11/11 8:20 p.m. | 2 views

EUVD-2025-106748

A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions, LOGO! 24CE 6ED1052-1CC08-0BA2 All versions, LOGO! 24CEo...

CVSS 7.1 | AI score 6.5 | EPSS 0.0024
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/11 8:20 p.m. | 1 view

CVE-2025-40817

A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions, LOGO! 24CE 6ED1052-1CC08-0BA2 All versions, LOGO! 24CEo...

CVSS 7.1 | AI score 6.6 | EPSS 0.0024
Exploits: 0 | References: 1
Cvelist
added 2025/07/15 7:47 p.m. | 9 views

CVE-2025-49829 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) missing validations

Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted formerly Conjur...

CVSS 6 | EPSS 0.00372
Exploits: 0 | References: 2
Vulnrichment
added 2025/07/15 7:47 p.m. | 3 views

CVE-2025-49829 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) missing validations

Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted formerly Conjur...

CVSS 6 | AI score 6.3 | EPSS 0.00372
Exploits: 0 | References: 2
Veracode
added 2023/11/06 9:30 a.m. | 6 views

Improper Access Control

ezsystems/ezplatform is vulnerable to Improper Access Control. The vulnerability is caused by missing validations in the file download route used for downloading files by specifying the name of the downloaded file. An attacker can construct download URLs with filenames that have no relation to th...

AI score 7
Exploits: 0
SUSE CVE
added 2023/02/15 3:48 a.m. | 6 views

SUSE CVE-2021-3655

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory...

CVSS 4 | AI score 8.6 | EPSS 0.00308
Exploits: 0 | References: 34
Veracode
added 2022/11/29 5:26 a.m. | 55 views

Reflected File Download

sinatra is vulnerable to reflected file download. The vulnerability exists because of missing validations of attachment function in base.rb which allows an attacker to perform untrusted file downloads...

CVSS 8.8 | AI score 8.2 | EPSS 0.00642
Exploits: 1 | References: 6 | Affected Software: 3
PyPA
added 2022/02/03 12:15 p.m. | 6 views

PYSEC-2022-115

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseTensorSliceDataset has an undefined behavior: under certain condition it can be made to dereference a nullptr value. The 3 input arguments to SparseTensorSliceDataset represent a sparse tensor. However, there are...

CVSS 7.6 | AI score 6.9 | EPSS 0.00734
Exploits: 1 | References: 3 | Affected Software: 1
RedHat Linux
added 2021/03/18 1:8 p.m. | 2 views

dpdk: librte_vhost Missing inputs validation in Vhost-crypto

A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read...

CVSS 5.1 | AI score 7.2 | EPSS 0.00353
Exploits: 0 | References: 6
OSV
added 2021/02/10 1:15 a.m. | 4 views

CVE-2020-28870

In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/formpersonalization/jsonfp.php...

CVSS 9.8 | AI score 7.6 | EPSS 0.03127
Exploits: 1 | References: 1
Veracode
added 2020/04/10 12:56 a.m. | 34 views

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists through missing validations of null-terminated string data structure elements in the do_replace, compat_do_replace, do_ipt_get_ctl, do_ip6t_get_ctl, and do_arpt_get_ctl functions, which could allow a local user who has the CAP_NET_ADMIN capabili...

CVSS 2.1 | AI score 1.6 | EPSS 0.00404
Exploits: 2 | References: 14 | Affected Software: 2
Veracode
added 2020/04/10 12:56 a.m. | 37 views

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists through missing validations of null-terminated string data structure elements in the do_replace, compat_do_replace, do_ipt_get_ctl, do_ip6t_get_ctl, and do_arpt_get_ctl functions, which could allow a local user who has the CAP_NET_ADMIN capabili...

CVSS 2.1 | AI score 1.6 | EPSS 0.0041
Exploits: 2 | References: 15 | Affected Software: 2